| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rather than an error. Detaches do not "fail", they other occur or
the protocol flags SS_PROTOREF to take ownership of the socket.
soclose() no longer looks at so_pcb to see if it's NULL, relying
entirely on the protocol to decide whether it's time to free the
socket or not using SS_PROTOREF. so_pcb is now entirely owned and
managed by the protocol code. Likewise, no longer test so_pcb in
other socket functions, such as soreceive(), which have no business
digging into protocol internals.
Protocol detach routines no longer try to free the socket on detach,
this is performed in the socket code if the protocol permits it.
In rts_detach(), no longer test for rp != NULL in detach, and
likewise in other protocols that don't permit a NULL so_pcb, reduce
the incidence of testing for it during detach.
netinet and netinet6 are not fully updated to this change, which
will be in an upcoming commit. In their current state they may leak
memory or panic.
MFC after: 3 months
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
than an int, as an error here is not meaningful. Modify soabort() to
unconditionally free the socket on the return of pru_abort(), and
modify most protocols to no longer conditionally free the socket,
since the caller will do this.
This commit likely leaves parts of netinet and netinet6 in a situation
where they may panic or leak memory, as they have not are not fully
updated by this commit. This will be corrected shortly in followup
commits to these components.
MFC after: 3 months
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Vararg functions have a different calling convention than regular
functions on amd64. Casting a varag function to a regular one to
match the function pointer declaration will hide the varargs from
the caller and we will end up with an incorrectly setup stack.
Entirely remove the varargs from these functions and change the
functions to match the declaration of the function pointers.
Remove the now unnecessary casts.
Also change static struct ipprotosw[] to two independent
protosw/ip6protosw definitions to remove an unnecessary cast.
PR: amd64/95008
Submitted and tested by: Mats Palmgren
Reviewed by: rwatson
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
| |
Make the kernel side of FAST_IPSEC not depend on the shared
structures defined in /usr/include/net/pfkeyv2.h The kernel now
defines all the necessary in kernel structures in sys/netipsec/keydb.h
and does the proper massaging when moving messages around.
Sponsored By: Secure Computing
|
| |
|
|
|
|
| |
systems. Without the change it will panic on assertions.
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
| |
Correctly identify the user running opiepasswd(1) when the login name
differs from the account name. [2]
Security: FreeBSD-SA-06:11.ipsec [1]
Security: FreeBSD-SA-06:12.opie [2]
|
| |
|
|
|
|
|
| |
m_unshare and the caller can now control how mbufs are allocated
Reviewed by: andre, luigi, mlaier
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Vararg functions have a different calling convention than regular
functions on amd64. Casting a varag function to a regular one to
match the function pointer declaration will hide the varargs from
the caller and we will end up with an incorrectly setup stack.
Entirely remove the varargs from these functions and change the
functions to match the declaration of the function pointers.
Remove the now unnecessary casts.
Lots of explanations and help from: peter
Reviewed by: peter
PR: amd64/89261
MFC after: 6 days
|
| |
|
|
| |
custom kernels.
|
| |
|
|
| |
so they are easier to follow for the human being.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Having an additional MT_HEADER mbuf type is superfluous and redundant
as nothing depends on it. It only adds a layer of confusion. The
distinction between header mbuf's and data mbuf's is solely done
through the m->m_flags M_PKTHDR flag.
Non-native code is not changed in this commit. For compatibility
MT_HEADER is mapped to MT_DATA.
Sponsored by: TCP/IP Optimization Fundraise 2005
|
| |
|
|
|
|
| |
covering all edge cases too.
Sponsored by: TCP/IP Optimization Fundraise 2005
|
| | |
|
| |
|
|
| |
Submitted by: ume
|
| | |
|
| |
|
|
|
|
| |
default elements in net_init_domain().
This makes it possible to grep these structures and see any bogosities.
|
| |
|
|
|
|
| |
destroyed twice.
Submitted by: Roselyn Lee
|
| |
|
|
| |
Submitted by: Roselyn Lee
|
| |
|
|
|
|
|
|
|
| |
the mbuf due to use of m_pulldown. Discarding the result because of this
does not make sense as no subsequent code depends on the entire msg being
linearized (only the individual pieces). It's likely something else is wrong
here but for now this appears to get things back to a working state.
Submitted by: Roselyn Lee
|
| |
|
|
|
|
|
|
| |
build kernels with FAST_IPSEC and PF. This is the least disruptive fix.
PR: kern/71836
Reviewed by: bms, various mailing lists
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
its users.
netisr_queue() now returns (0) on success and ERRNO on failure. At the
moment ENXIO (netisr queue not functional) and ENOBUFS (netisr queue full)
are supported.
Previously it would return (1) on success but the return value of IF_HANDOFF()
was interpreted wrongly and (0) was actually returned on success. Due to this
schednetisr() was never called to kick the scheduling of the isr. However this
was masked by other normal packets coming through netisr_dispatch() causing the
dequeueing of waiting packets.
PR: kern/70988
Found by: MOROHOSHI Akihiko <moro@remus.dti.ne.jp>
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
have already done this, so I have styled the patch on their work:
1) introduce a ip_newid() static inline function that checks
the sysctl and then decides if it should return a sequential
or random IP ID.
2) named the sysctl net.inet.ip.random_id
3) IPv6 flow IDs and fragment IDs are now always random.
Flow IDs and frag IDs are significantly less common in the
IPv6 world (ie. rarely generated per-packet), so there should
be smaller performance concerns.
The sysctl defaults to 0 (sequential IP IDs).
Reviewed by: andre, silby, mlaier, ume
Based on: NetBSD
MFC after: 2 months
|
| |
|
|
| |
compilation.
|
| |
|
|
|
| |
PR: misc/67013
Submitted by: Zhenmin <zli4@cs.uiuc.edu>
|
| |
|
|
|
|
|
|
| |
(was using src instead of dst)
Submitted by: Bjoern A. Zeeb
Obtained from: KAME
MFC after: 1 day
|
| |
|
|
|
|
| |
removing specific SPIs
Submitted by: Bjoern A. Zeeb
|
| |
|
|
|
|
|
|
| |
(makes net.key.preferred_oldsa work as for KAME)
Submitted by: gabor@sentex.net
Reviewed by: Bjoern A. Zeeb
MFC after: 1 day
|
| | |
|
| |
|
|
|
|
| |
Change for (...) to TAILQ_FOREACH(...)
Ok'ed by: sam
|
| |
|
|
| |
Approved by: sam
|
| |
|
|
| |
correct this lameness.
|
| |
|
|
|
|
|
| |
and is corrected to net.key.preferred_oldsa
This makes it consistent with the KAME IPsec implementation.
Approved by: sam
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the first of two commits; bringing in the kernel support first.
This can be enabled by compiling a kernel with options TCP_SIGNATURE
and FAST_IPSEC.
For the uninitiated, this is a TCP option which provides for a means of
authenticating TCP sessions which came into being before IPSEC. It is
still relevant today, however, as it is used by many commercial router
vendors, particularly with BGP, and as such has become a requirement for
interconnect at many major Internet points of presence.
Several parts of the TCP and IP headers, including the segment payload,
are digested with MD5, including a shared secret. The PF_KEY interface
is used to manage the secrets using security associations in the SADB.
There is a limitation here in that as there is no way to map a TCP flow
per-port back to an SPI without polluting tcpcb or using the SPD; the
code to do the latter is unstable at this time. Therefore this code only
supports per-host keying granularity.
Whilst FAST_IPSEC is mutually exclusive with KAME IPSEC (and thus IPv6),
TCP_SIGNATURE applies only to IPv4. For the vast majority of prospective
users of this feature, this will not pose any problem.
This implementation is output-only; that is, the option is honoured when
responding to a host initiating a TCP session, but no effort is made
[yet] to authenticate inbound traffic. This is, however, sufficient to
interwork with Cisco equipment.
Tested with a Cisco 2501 running IOS 12.0(27), and Quagga 0.96.4 with
local patches. Patches for tcpdump to validate TCP-MD5 sessions are also
available from me upon request.
Sponsored by: sentex.net
|
| |
|
|
|
| |
Submitted by: Roselyn Lee <rosel@verniernetworks.com>
MFC after: 1 week
|
| |
|
|
|
|
|
|
| |
o remove extraneous bzero
o add SYSINIT to properly initialize ip4_def_policy
Submitted by: "Bjoern A. Zeeb" <bzeeb+freebsd@zabbadoz.net>
Submitted by: gnn@neville-neil.com
|
| | |
|
| |
|
|
|
|
| |
netstat works properly
Submitted by: "Bjoern A. Zeeb" <bzeeb+freebsd@zabbadoz.net>
|
| |
|
|
|
|
|
|
|
|
| |
is NULL, otherwise ipsec4_process_packet() may try to m_freem() a
bad pointer.
In ipsec4_process_packet(), don't try to m_freem() 'm' twice; ipip_output()
already did it.
Obtained from: netbsd
|
| | |
|
| |
|
|
|
|
|
|
| |
routines, and purge them from opencrypto.
Reviewed by: sam
Obtained from: NetBSD
Sponsored by: spc.org
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols. This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.
This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.
For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks. Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.
Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.
Reviewed by: sam, bms
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
change 38496
o add ipsec_osdep.h that holds os-specific definitions for portability
o s/KASSERT/IPSEC_ASSERT/ for portability
o s/SPLASSERT/IPSEC_SPLASSERT/ for portability
o remove function names from ASSERT strings since line#+file pinpints
the location
o use __func__ uniformly to reduce string storage
o convert some random #ifdef DIAGNOSTIC code to assertions
o remove some debuggging assertions no longer needed
change 38498
o replace numerous bogus panic's with equally bogus assertions
that at least go away on a production system
change 38502 + 38530
o change explicit mtx operations to #defines to simplify
future changes to a different lock type
change 38531
o hookup ipv4 ctlinput paths to a noop routine; we should be
handling path mtu changes at least
o correct potential null pointer deref in ipsec4_common_input_cb
chnage 38685
o fix locking for bundled SA's and for when key exchange is required
change 38770
o eliminate recursion on the SAHTREE lock
change 38804
o cleanup some types: long -> time_t
o remove refrence to dead #define
change 38805
o correct some types: long -> time_t
o add scan generation # to secpolicy to deal with locking issues
change 38806
o use LIST_FOREACH_SAFE instead of handrolled code
o change key_flush_spd to drop the sptree lock before purging
an entry to avoid lock recursion and to avoid holding the lock
over a long-running operation
o misc cleanups of tangled and twisty code
There is still much to do here but for now things look to be
working again.
Supported by: FreeBSD Foundation
|
| |
|
|
|
|
| |
Submitted by: <jonathan@decru.com>
Supported by: FreeBSD Foundation
Obtained from: NetBSD
|
| |
|
|
|
|
|
|
|
|
| |
o add locking
o strip irrelevant spl's
o split malloc types to better account for memory use
o remove unused IPSEC_NONBLOCK_ACQUIRE code
o remove dead code
Sponsored by: FreeBSD Foundation
|
| |
|
|
|
|
|
|
| |
for ip{4,6}-in-ip{4,6} encapsulation; fixes panic
for truncated ip-in-ip over ipsec
Submitted by: Markus Friedl <markus@openbsd.org>
Obtained from: OpenBSD (rev 1.66 ipsec_input.c)
|
| |
|
|
|
|
|
| |
for crypto operations that indicates the crypto code should do the check
in crypto_done
MFC after: 1 day
|
| |
|
|
|
| |
Submitted by: Larry Baird <lab@gta.com>
MFC after: 1 day
|
| |
|
|
|
|
|
|
| |
o add missing zeroize op when deleting an SA
o don't re-initialize an xform for an SA that already has one
Submitted by: Doug Ambrisko <ambrisko@verniernetworks.com>
MFC after: 1 day
|
| |
|
|
|
|
|
| |
mark crypto requests with ``callback immediately'' to avoid doing a context
switch to return crypto results. This completes the work to eliminate
context switches for using software crypto via the crypto subsystem (with
symmetric crypto ops).
|
| |
|
|
|
|
|
| |
of asserting that an mbuf has a packet header. Use it instead of hand-
rolled versions wherever applicable.
Submitted by: Hiten Pandya <hiten@unixdaemons.com>
|
